Configuring the Check Point Harmony Mobile Dashboard Integration Settings
Assign the app to the selected groups of users or devices.
Note - For easy reference during configuration, you can record your settings in the special table (see "Integration Information" in Configuring UEM to Deploy the Harmony Mobile Protect app). |
Prerequisites
You need the following details from your BlackBerry UEM Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point. Deployment:
-
Server: The root URL to your BlackBerry UEM Web Services API including the leading https://, such as https://uem.acme.us:18084
-
SRP ID: This is the SRP ID from BlackBerry licensing registered to your instance, in the form of <Sxxxxxxxx> ("x" denotes a digit from 0 to 9). This value can be found by going to BlackBerry UEM Console > Help > About BlackBerry UEM.
-
BlackBerry UEM Harmony Mobile Administrator Username and Password: These are the Admin credentials that the Harmony Mobile Dashboard will use to connect to the UEM. You may have created a special API Admin account, see Creating API Account for Integration with the Harmony Mobile.
-
Groups(s): These are the BlackBerry UEM user provisioning groups to which the users/devices to be registered to Harmony Mobile are grouped, and will be integrated with the Harmony Mobile Dashboard. Multiple groups can be integrated with the one Harmony Mobile Dashboard instance by entering each group name separated with a semicolon (;). These are the User Provisioning Check Point Software Blade on a Management Server that manages large-scale deployments of Check Point Security Gateways using configuration profiles. Synonyms: SmartProvisioning, SmartLSM, Large-Scale Management, LSM. Groups ("SBM_Local_Users; SBM_AD_Users") we created in Creating User Provisioning Groups.
-
Mitigation Group: This field will not be used as we will be using the CHKP Risk and Status tags.
If a Parent Organization Group is integrated with a Harmony Mobile Dashboard, then any child Organization Group of that Parent cannot be integrated with a different Harmony Mobile Dashboard.
Note - Only the devices are synchronized from BlackBerry UEM to the Harmony Mobile Dashboard not users. |
Configuring BlackBerry UEM Integration Settings on the Harmony Mobile
After you complete the necessary steps, the Integrations pane shows the detailed status of the settings.
To configure BlackBerry UEM integration settings:
-
Access your Harmony Mobile Dashboard via the Infinity Portal.
-
Go to Settings > Integration ,Click "+" to create a new integration setting.
The Integration Wizard opens.
-
Select Assets.
-
Configure the settings for your - Blackberry UEM Deployment.
-
Server Setup
Configure your UEM to integrate with the created BlackBerry UEM devices:
-
In Server Setup section, enter this information:
-
UEM service - BlackBerry UEM
-
Display Name - UEM Default
-
Server Address - The full URL needed for the UEM service
-
User name
-
Password
-
SRF ID
-
Connector Setup (advanced)
If the UEM server uses a self-signed certificate for external communication, select the relevant box to upload the certificate directly (use CER file format base64 [PEM] encoded) or just paste the certificate text directly in the box.
-
-
-
Using Connector (Optional)
You can configure Harmony Mobile Connector when the UEM is on-premises and has no direct access from the Harmony Mobile cloud. For more information, see Harmony Mobile Connector Installation Guide.
Click Next.
-
Synchronization Configuration
Configure the groups of devices that synchronizes with Harmony Mobile dashboard. The drop-down list automatically populates all the user groups the API user has access to.
-
In Group(s):
-
Click Group(s).
A drop-down with list of the available groups opens.
-
Select the group(s) you need for integration with BlackBerry UEM.
-
-
In Android Enterprise Groups:
Select the groups for two deployed applications as part of the BlackBerry UEM Android Enterprise deployment. See Using Android Enterprise with Harmony Mobile.
Note - The list populates only groups selected from previous step of synchronized groups.
Make sure you select a group that include Android devices configured to have both personal and work profiles (iOS devices can be included in this group as well).
-
In the Advanced section:
-
Import Personally Identifiable Information (PII) and set the synchronization intervals.
You can limit the import of the PII devices (users) to Harmony Mobile, by default it is set to ON.
Note - If all entries are OFF, the placeholder information set
for the email address is placed in the Device Owner's Email,
in form of "UEMDevice UDID@vendor.UEM".
Setting
Description
Values
Device sync interval
Interval to connect with UEM to sync devices.
10-1440 minutes, in 10 minute intervals.
Device deletion threshold
Percentage of devices allowed for deletion after UEM device sync (in %).
0-100% ; use 100% for no threshold *
Deletion delay after
Delay device deletion after several sync attempts - device is deleted after this amount of sync tries that confirmed deletion
1-100 sync tries.
App sync interval
Interval to connect with UEM to sync applications.
10-1440 minutes, in 10 minute intervals.
Click Next.
-
-
-
Tagging Configuration
Specify whether to send information to BlackBerry UEM in order to communicate the deployment status of Harmony Mobile Protect app and the risk level of the device.
Example:
-
In Tagging Section:
-
Set Tag device status to ON.
For integration with BlackBerry UEM, the Device Status tags are interpreted as "user groups" of "CHKP_Status_ Provisioned", "CHKP_Status_Active", or "CHKP_Status_Inactive" which will have an either "0" or "1" when set. We will use the CHKP_Status user groups to determine when to prompt the user to install the Harmony Mobile Protect app on their device. If none of CHKP_Status user groups haven't been set yet for a device, then the device has not been synced with Harmony Mobile Dashboard.
-
Set Tag device risk to ON.
For integration with BlackBerry UEM, the Device Risk tags are interpreted as "user groups" of "CHKP_Risk_None", "CHKP_Risk_Low", "CHKP_Risk_Medium", and "CHKP_Risk_High" with the values of "0" or "1". We will use the CHKP_Risk user groups to determine when to enact certain policies or actions on the device. As an example, if CHKP_Risk_High is set to "1", then the device will be sent an in-app notification and blocked from running corporate apps or connecting to corporate assets.
-
-
In Advanced section:
The free-form Mitigation group is any unique name, such as "SBM_HighRisk", that Harmony Mobile will place only devices determined to be at High Risk. Note: This mitigation group must be created as a "user group" in BlackBerry UEM prior to using. Please note that the Mitigation group does not provided the granularity of the different risk levels of the device, just high risk. This method was the original way to group devices at high risk, and it is strongly recommended that you implement the CHKP_Risk and CHKP_Status user groups instead of using the free-form Mitigation group.
-
Click Finish.
-
-
Deployment
Specify the deployment status of a device.
Note - This section is optional, because Blackberry UEM manages the deployment automatically.
Example:
If you use Harmony Mobile to manage the deployment:
In this screen you will see the Use token in application configuration settings. Save this token for later as you will use it to manage the application in Adding the Harmony Mobile Protect app to your App Catalog
In the Advanced section:
-
Enable options to send email and/or SMS notification to the new users with instructions to download and install the Harmony Mobile Protect app.
-
Click Finish.
Example:
-
View the Integration Status: In Settings > Integration menu.
Select the integration you want to shows the information for and click the "i" icon on the top right:
-
UEM Server - The latest server configuration status.
-
Device Sync Status - The synchronized groups and the device sync status time stamp.
-
App Sync Status - The last time applications were fetched from the UEM (Applicable for iOS deployment only).
-
Tagging- Tagging Configuration and Tagging Status.
-
Deployment - Deployment Configuration and Deployment Status.
Example:
-
-
The 3 dots on the top of the integration settings will allow you to select extra functions:
Click Edit / (in each section) to edit the settings if needed.
Click Sync Now to force an immediate device sync call and not wait to the next auto sync cycle.
Click Pause / Resume to temporarily stop or resume the device sync process.
Click Remove to remove the integration settings altogether.
-
You can click again the "+" to add more integration settings from other different UEM solutions in case relevant for your deployment. Harmony Mobile support integration of multiple UEM solutions from a single dashboard.
-
-